These activities have shown that user credentials are now the top target for hackers.

"Credentials for online services are worth up to $50 (£30.57), but credit card numbers cost less than $1 because they have a shorter lifespan and are more difficult to monetise as additional information such as the CVC number and expiry date are needed," says Bar-Yosef

Despite the value that criminals put on credentials, not many businesses are giving much thought to how they might be protected, she says.

Organisations should also take note of discussion around the opportunities being opened up by increased amount of data being stored and transmitted using mobile devices.

"Despite the fact that mobile devices are now capable of storing entire customer databases, the threat this opens up for the enterprise is largely being ignored," says Bar-Yosef.

There has been a massive increase in chatter around the Android operating system in the past six months, she says, making it now as widely discussed on hacker forums as the operating system for Apple's iPhone and Nokia's smartphones.

Intelligence around cyber criminal activities shows that they are moving up the stack to target vulnerabilities in mobile applications, she says, which need to be recognised as part of the enterprise and controlled in the same way as PC-based applications.

"Major data-stealing Trojans like Zeus and SpyEye are being developed for use in the mobile world, where many web applications still trust user input and do not implement the same basic protections as the PC versions such as SSL," says Bar-Yosef.

Intelligence gathering also shows that cybercriminals are feeling the heat from US and other international operations to shut down botnets such as Coreflood, roundup money mules, and arrest those responsible for DDoS attacks.

"They are feeling the heat and reacting accordingly, by consolidating resources to make massive investments in crafting bigger and more effective attacks that are designed to evade security controls," says Bar-Yosef.

While it is still important to patch applications and operating systems, deploy anti-malware software, and maintain firewalls, she says, organisations have to understand that they will be targeted and that these measures alone will not be 100% effective.

"Enterprises need to be aware of and planning for the risks involved in using social media, cloud computing and mobile technologies," says Bar-Yosef.

Research has shown that cybercriminals are early adopters of these new technologies and are better equipped to use and exploit them, which means it is more important then ever for enterprises to put controls around their data assets, she says.

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

It can be tempting to stray from the security roadmap security professionals have put in place when data breaches like the Sony and Anthem breaches are all over the news. But experts say it's crucial to stick to the security basics.

The Open Data Platform has arrived, but not all Hadoop vendors are on board. The initiative, aimed at boosting interoperability, formed a backdrop for discussion at the Strata + Hadoop World 2015 conference.